[BreachExchange] Lone Hacker Claims to Have Breached DNC
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Jun 16 18:15:49 EDT 2016
http://www.databreachtoday.com/lone-hacker-claims-to-have-breached-dnc-a-9202
There's never any lack of lust for fame in the hacking world. Now one
hacker, "Guccifer 2.0," has claimed sole responsibility for the breach of
the Democratic National Committee's systems, posting a cache of documents
on a public website.
It's a weighty, but as of yet unverified, claim following the DNC's
disclosure on June 14 that its networks were breached (see Report: Russia's
'Best' Hackers Access DNC's Trump Research).
The DNC took the fairly unheralded step of allowing the computer forensics
firm Crowdstrike to release public details of the intrusions just days
after the hackers were booted from the network. Forensic clues point to two
known groups nicknamed Cozy Bear and Fancy Bear, both of which may be
linked to the Russian government, Crowdstrike believes.
Guccifer 2.0 claims on a newly-created WordPress blog to have hacked the
DNC alone, extracting thousands of documents and emails that are now being
transferred to the secrets-spilling website Wikileaks.
The alleged hacker took a dig at Crowdstrike, contesting the company's
competency: "I'm very pleased the company appreciated my skills so highly.
But in fact, it was easy, very easy." Efforts to reach the hacker were
unsuccessful.
Crowdstrike is keeping Guccifer 2.0's claims at arm's length, saying it is
confident in its conclusion of the source of the attacks.
"Whether or not this posting is part of a Russian intelligence
disinformation campaign, we are exploring the documents' authenticity and
origin," it said. "Regardless, these claims do nothing to lessen our
findings relating to the Russian government's involvement, portions of
which we have documented for the public and the greater security community."
Guccifer Legacy
The original Guccifer is Marcel Lazar Lehel of Romania. He accessed the
email accounts of close to 100 prominent people, including former Secretary
of State Colin Powell and the sister of former President George W. Bush.
Lehel pleaded guilty in late May in U.S. federal court to aggravated
identity theft and unauthorized access to a computer.
In the blog post, Guccifer 2.0 mentioned his namesake: "Guccifer may have
been the first one who penetrated Hillary Clinton's and other Democrats'
mail servers. But he certainly wasn't the last. No wonder any other hacker
could easily get access to the DNC's servers."
More than One Hack?
The published documents include a meaty, 237-page Word document marked
confidential and titled the "Donald Trump Report." It's a comprehensive
background briefing on the presumptive Republican presidential nominee. The
date on the document is Dec. 19, 2015.
The hacker contested the DNC's assertion no financial data was compromised
in its breach. Also released was an Excel file that purports to be a list
of high dollar Democratic party donors. According to one screenshot, actor
Morgan Freeman of Los Angeles donated $1 million, and film producer Jeffrey
Katzenberg $3 million.
Officials with the DNC couldn't immediately be reached. Gawker reported
that the DNC is aware that the documents are circulating.
If the documents are genuine, it would indicate perhaps more than even two
groups had access to the DNC's systems. This is not unusual. Security
audits often find many pieces of malware on vulnerable systems, and it is
possible that many actors or groups saw exploitable holes.
The development also doesn't mean that Guccifer 2.0 is necessarily
affiliated with either Cozy Bear or Fancy Bear. In fact, state-sponsored
cyberespionage groups have no interest publishing their stolen data
publicly, as it's intended for internal consumption.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160616/3a0c1614/attachment.html>
More information about the BreachExchange
mailing list